Researchers have discovered multiple vulnerabilities in a pre-installed app on phones made by one of the world’s biggest smartphone vendors that potentially impacted the privacy and security of more than 150 million Android users worldwide.
According to security researchers at Check Point Research, the vulnerabilities were found in an app pre-installed on smartphones made by Xiaomi, the biggest mobile phone manufacturer in China and India, and the fourth biggest by market share in the world.
The app in question was a self-proclaimed security app dubbed “Guard Provider,” which promised to protect Xiaomi users from malware. But Check Point found that the app’s failure to encrypt virus database updates opened Xiaomi users to man-in-the-middle (MiTM) attacks when they connected to public WiFi hotspots.
“Once connected to the same WiFi network as the victim—say, in public places i.e. at restaurants, coffee shops, or malls—the attacker would be able to gain access to the phone owner’s pictures, videos, and other sensitive data, or inject any type of malware,” Check Point told Motherboard in an email.
Xiaomi said last year it had originally hoped to offer its smartphones and other hardware here in the States in 2019, though those efforts may have been delayed for PR reasons given the ongoing national security concerns regarding Huawei and ZTE products.